Even though the origins of cloud computing (i.e., utility computing) date from the 1960s, cloud computing in 2010 is a youthful field. Accumulated advances in network capacity, nearly ubiquitous connectivity, storage capacity, and efficient hardware virtualization have created new business opportunities: cloud providers can now rent computing resources over network connections to customers at costs that are very competitive with direct customer ownership. Moreover, cloud-based resource rentals have the potential to be far more flexible and convenient than resource ownership for end users. To maximize these opportunities, cloud providers are inventing new tools to manage remote, network-accessed, rental computing resources. These tools range from low-level system management utilities to new programming languages, new middleware software stacks, and new scalable algorithms for computing on large collections of data under the assumption that large numbers of compute and storage servers can be rapidly provisioned under software control.

The US Government, along with other potential cloud-computing customers, has a strong interest in the evolution of a vibrant and competitive cloud-computing marketplace. Prospective customers, however, legitimately seek answers to three important questions:

If a customer wishes to move their workload away from a cloud provider, can that be done at low cost and disruption? I.e., does the cloud provide portability?

Can a customer concurrently employ multiple cloud providers to achieve a single goal at low cost? I.e., does the cloud provide interoperability?

What support for security can cloud providers offer to allay concerns about how customer data is protected from unauthorized disclosure or modification; and what kinds of availability requirements can cloud providers satisfy? I.e., does the cloud provide support for security?

Generating high-quality cloud computing standards is one way to help to answer these questions, but standards development is time-consuming. In the absence of existing standards, there is a risk that short-term industry decisions affecting these questions, if not carefully considered in the short term, may become legacy constraints.

The Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) project at the National Institute of Standards and Technology (NIST) seeks to generate concrete data about how different kinds of cloud system interfaces can support portability, interoperability, and security. By showing worked examples, the SAJACC project seeks to facilitate Standards Development Organizations in their efforts to develop high-quality standards that address these important needs.

The operation of SAJACC is conceptually simple. SAJACC will iteratively:

develop a set of cloud system use cases that express selected portability, interoperability, and security concerns that cloud users may have;

select a small set of existing cloud system interfaces that can be used for testing purposes;

develop a test driver, for each use case and selected system interface, that represents (to the extent possible) the operation of the use case on the selected system interface;

run the test drivers and document the extent each test driver can run on each selected system interface, and document any portability, interoperability, or security implications of the test run; and

publish all use cases, test codes, and test results on the openly-accessible NIST Cloud Portal (www.nist.gov/itl/cloud), for use by Standards Development Organizations and other interested parties.

Figure 2 depicts the NIST Cloud Portal and the main steps of starting the SAJACC process. At this time of this writing, SAJACC is in step 1 of the figure.

Figure 1 SAJACC Process

HOLD FOR IMAGE

This document describes a set of preliminary use cases developed for the SAJACC project for the first pass through the SAJACC process. Through a series of open workshops, and through public comment and feedback, NIST will continue to refine these use cases and add new use cases as appropriate.